The Silver Bullet Security Podcast with Gary McGraw is published once a month. The series started in April 2006. The podcast features in-depth conversations I have with fellow security gurus. Guests include technologists, academics, business people, authors, the press, and government officials. Since its inception, episodes of Silver Bullet have been downloaded over 1.4 million times. On average, each episode has over 13,000 listeners. Want to hear a certain someone interviewed on Silver Bullet? Drop us a line.
The name of the podcast is an inside-joke reference to Fred Brooks’s famous paper “No Silver Bullet — Essence and Accidents of Software Engineering.” There was once no silver bullet, now there is.
Silver Bullet Special Video Episode 120
To celebrate 10 straight years of the monthly Silver Bullet Security Podcast—120 months in a row—we’re flipping the mic. Marcus Ranum interviews me.
Show 146: Nicholas Weaver discusses network security, botnets, and cryptocurrency
29 May 2018
Listen as Gary and Nicholas discuss the Spectre vulnerability, botnet attacks, research tech transfer, cryptocurrencies and blockchain technology, and more.
Show 145: Tanya Janca discusses transitioning from developer to software security guru
23 Apr 2018
Listen as Gary and Tanya discuss the transition from development to security, election security, DevOps, and more.
Show 144: Ron Gula discusses government versus commercial security solutions
27 Mar 2018
Listen as Gary and Ron discuss government and commercial security solutions, the NIST framework, tech transfer, technical advisory boards, and more.
Show 143: Elena Kvochko discusses security policy and security technology
26 Feb 2018
Listen as Gary and Elena discuss security policy, security technology, the role of a CIO, holistic security tactics, the economics of a security breach, and more.
Show 142: Craig Froelich discusses the 2018 CISO Report
17 Jan 2018
Listen as Gary and Craig discuss the role of the CISO in the financial services ecosystem and the newly released 2018 CISO Report.
Show 141: Bruce Potter discusses ShmooCon, DevOps, and the CISO role
28 Dec 2017
Listen as Gary and Bruce discuss ShmooCon, the state of software security books, network security trends, hacking back, the relationship between preventative security engineering and operational security, DevOps, the CISO role, and more.
Show 140: Adrienne Porter Felt discusses usable security at Google and web versus mobile permission models
30 Nov 2017
Listen as Gary and Adrienne discuss usable security, web and mobile security indicators, browser warnings, permission models, and more.
Show 139: Matias Madou discusses secure development training and software security testing research
31 Oct 2017
Listen as Gary and Matias talk about effective software security testing methods, security research, secure development training, and more.
Show 138: Nicole Perlroth discusses life as a cyber security journalist
29 Sep 2017
Listen as Gary and Nicole talk about life as a cyber security journalist, being a woman in the security industry, and playing up the sex appeal of cyber security.
Show 137: Wafaa Mamilli Discusses Cultural Differences in Technology Management
31 Aug 2017
Listen as Gary and Wafaa cover cultural differences in technology management, CISO education, organizational hierarchy, and more.
Show 136: Pavi Ramamurthy discusses the relationship between development and software security
31 Jul 2017
Listen as Pavi and Gary discuss whether a background in development makes you a better software security resource, CI/CD, security testing, the role that office hours play in software security awareness, and more.
Show 135: Ksenia Dmitrieva-Peguero discusses software security and AngularJS
29 Jun 2017
Listen as Gary and Ksenia discuss software security awareness, AngularJS, security conferences, and more.
Show 134: Kelly Jackson Higgins Discusses Cyber Security Journalism
24 May 2017
Listen as Gary and Kelly discuss how to separate fact from fiction when it comes to news in security, changes in security-focused journalism in recent years, social media, security politics, and more.
Show 133: Cheryl Biswas Discusses the Politicization of Cyber Security
27 Apr 2017
Listen as Gary and Cheryl discuss aligning security to work as a service for the business rather than an imposition for employees, trending cyber security political topics, work-life balance, and more.
Show 132: Chenxi Wang Discusses DevOps and Diversity in Tech
29 Mar 2017
Listen as Gary and Chenxi discuss the life of Professor John C. Knight, the Jane Bond Project, the Grace Hopper Conference, the state of software security, DevOps, fixing the diversity in tech issue, and more.
Show 131: Kate Pearce Discusses the Relationship Between Biology and Security
28 Feb 2017
Listen as Gary and Kate discuss the state of the software security industry, gender perspectives in the security space, the relationship between biology and security, and more.
Show 130: Jessy Irwin Discusses How to Make Security and Privacy Accessible
24 Jan 2017
Listen as Gary and Jessy discuss social engineering, security research, and security education and accessibility.
Show 129: Kelly Lum Discusses Bug Hunting and a Unique Analytical Outlook on Security
28 Dec 2016
Listen as Gary and Kelly discuss the differences between application security and software security, finding bugs versus fixing bugs, improving code review tools, and how mental illness affects her analytical security outlook.
Show 128: Lesley Carhart Discusses Incident Response and Digital Forensics
30 Nov 2016
Lesley Carhart is the Security Incident Response Lead at a large corporation in the Chicagoland area where she and her team work with digital theft, misconfiguration, and hacking issues. She has 17 years of experience in the IT industry, eight of which focus on incident response and digital forensics. Lesley holds a BS in Network Technologies from DePaul University. She is an active writer and speaker, and works as a member of the CircleCityCon staff.
Show 127: Dr. Marie Moe Discusses Medical Device Security
26 Oct 2016
Listen as Gary and Marie discuss her research and the future of medical device security.
Show 126: Mike Pittenger Discusses Open Source Software Security
30 Sep 2016
Listen as Gary and Mike discuss open source security including OpenSSL, containerization, and progress being made in the industry.
Show 125: Jim Manico Discusses Static Analysis, Open Source, and Developer Training
31 Aug 2016
Listen as Gary and Jim discuss recent developments with static analysis, the relationship between open source and security, programming languages frameworks and how they impact tools, developer training, enterprises moving to the cloud, and island life.
Show 124: Lance Cottrell Discusses Anonymity and Privacy
29 Jul 2016
Listen as Gary and Lance discuss privacy, anonymity, Tor, attribution issues, browser security, geolocation, anonymity tools, and more.
Show 123: Yanek Korff Discusses How to Build a Successful Technical Team
29 Jun 2016
Listen as Gary and Yanek discuss outsourcing, people vs. automation, incident response, and what he has learned about building and maintaining a successful technical team.
Show 122: David Nathans Discusses Security Operations Centers and Medical Device Security
01 Jun 2016
Listen as Gary and David discuss security considerations when designing and building SOCs, the emergence of DevOps, and the progress that’s been made between data and security in medical devices over the past decade.
Show 121: Marty Hellman Discusses Cryptography and Nuclear Non-Proliferation
27 Apr 2016
Listen as Gary interviews Martin about his cutting-edge career, involvement in the crypto wars, and his work with nuclear non-proliferation and risk management.
Show 120: Silver Bullet Celebrates 10 Years! Marcus Ranum Interviews Gary McGraw
31 Mar 2016
To celebrate 10 straight years of the monthly Silver Bullet Security Podcast, we’re flipping the mic. During the past decade, Dr. Gary McGraw has interviewed some of the security industry’s most influential gurus.
Show 119: Jacob West Discusses the IEEE CSD, Bugs, Flaws, And Wearable Devices
01 Mar 2016
As the Chief Architect for Security Products at NetSuite, Jacob West leads research and development for technology to identify and mitigate security threats.
Show 118: Jack Daniel Discusses Security BSides, Communities, and the Big Picture of Security
30 Jan 2016
Gary talks to Jack Daniel, a leading technology community activist, about the evolution of the community-driven BSides Con, changes in the security field over the last decade, and his thoughts on where good security people come from.
Show 117: Jamie Butler Discusses Security Research, Thinking Like a Hacker, And Rootkit Development
22 Dec 2015
Gary talks to Jamie Butler, a self-proclaimed "coder at heart," about the importance of an offensive security approach, attack patterns, and his specialization in rootkit development.
Show 116: Doug Maughan Discusses the Current State Of Cyber Security In the U.S. Department Of Homeland Security
01 Dec 2015
Gary talks to Dr. Doug Maughan about scientific research in computer security and its relationship to wider government efforts in security.
Show 115: Peiter Zatko Discusses the L0pht and Government Influence
29 Oct 2015
Gary talks to Peiter Zatko, better known as “mudge” in hacker and security circles, about the evolution of the L0pht hacker collective and how his work in security influenced key agencies within the U.S. government to ramp up their cybersecurity efforts.
Show 114: Peter Clay Discusses the Evolution of the CISO Role
30 Sep 2015
Gary talks to the Chief Information Security Officer of Qlik, Peter “Pete” Clay, who holds 20+ years of experience in technology growth and its relationship to security from a risk management perspective.
Show 113: Chandu Ketkar Discusses Software Security Best Practices
01 Sep 2015
Gary talks to Synopsys’ Chandu Ketkar. With 20+ years of experience as a developer prior to getting into security, Chandu brings a unique and enlightened view to software security.
Show 112: Crypto Wars II with Steve Bellovin and Matt Green
24 Jul 2015
We thought the “crypto wars” were resolved in the late 1990s. But the introduction of encrypted devices—specifically the release of iOS 8 and the growing number of available encrypted communication channels through public services such as Facebook and Snapchat—has resurfaced the debate.
Show 111: An Interview with Marcus Ranum
01 Jul 2015
Has software security actually gotten worse? On the 111th episode of The Silver Bullet Security Podcast, Gary talks with Marcus Ranum, Chief Security Officer of Tenable Network Security.
Show 110: An Interview with Paul Dorey
31 May 2015
Gary and Paul discuss the modern role of the CSO and the ideal background for a CSO, Paul’s biggest win and biggest mistake as a CSO, and the role of building security in as part of a CSO’s strategy.
Show 109: An Interview with Bart Preneel
23 Apr 2015
Gary and Bart discuss the differences in approaches to security between the EU and the US, what the picture of building security in looks like around the world, quantum cryptography, and the implications of the Snowden revelations on cryptography.
Show 108: An Interview with Katie Moussouris
28 Mar 2015
In the 108th episode of the Silver Bullet Security podcast, Gary talks with Katie Moussouris, Chief Policy Officer of HackerOne.
Show 107: An Interview with Jean Camp
01 Mar 2015
Gary and Jean discuss usability and security, whether users’ implicit expectations of security and privacy are enough to move the mobile market, and “old people” and security.
Show 106: An Interview with Steve Katz: the world’s first CISO
01 Feb 2015
Steve Katz is owner and founder of Security Risk Solutions and the “world’s first CISO.”
Show 105: The History of Public Key Cryptography with Whitfield Diffie
01 Jan 2015
On the 105th episode of the Silver Bullet Security Podcast, Gary talks with the legendary Whitfield Diffie, a pioneer of public-key cryptography.
Show 104: An Interview with Rick Gordon
01 Dec 2014
On the 104th episode of the Silver Bullet Security Podcast, Gary chats with Rick Gordon, Managing Partner at MACH37.
Show 103: An Interview with Brian Krebs
01 Nov 2014
On the 103rd episode of the Silver Bullet Security Podcast, Gary talks with Brian Krebs, reporter and blogger at Krebs on Security.
Show 102: An Interview with Richard Danzig
18 Sep 2014
On the 102nd episode of the Silver Bullet Security Podcast, Gary chats with Richard Danzig, one-time Secretary of the Navy and Board member of the Center for a New American Security (among several other things).
Show 101: Software Security with the Founders of the Center for Secure Design
27 Aug 2014
On the 101st episode of the Silver Bullet Security Podcast, Gary talks with Jim DelGrosso (Synopsys), Yoshi Kohno (University of Washington), and Christoph Kern (Google) in a roundtable devoted to the new IEEE Center for Secure Design.
Show 100: The State of Software Security with Synopsys
24 Jul 2014
In this episode Gary talks live on video with John Steven, Scott Matsumoto, Paco Hope, Jim DelGrosso and Sammy Migues. The group discusses the state of software security and how it’s evolved (or has it?) over the last decade.
Show 099: the PLDI and Software Security with Michael Hicks
01 Jul 2014
Show 098: The Hype behind Heartbleed with Bart Miller
31 May 2014
Gary and Bart discuss Heartbleed, fuzz testing, his work with Jeff Hollingsworth on dynamic instrumentation of binaries, and the SWAMP project.
Show 097: The Development Side of Software Security with Aaron Bedra
01 May 2014
Gary and Aaron discuss how security is viewed by development teams that Aaron has worked with, how a security person could transition into software security, the importance of developing a security culture, type safety and closure in programming, and the most recent non-fiction book that Aaron’s read.
Show 096: An Interview with Nate Fick
01 Apr 2014
Gary and Nate discuss the use of the term "cyber war" from the perspective of an ex-Marine, Nate's time at the Center for a New American Security, the Estonia DDOS attack, and how Nate has turned around the perception of End Game.
Show 095: An Interview with Charlie Miller
25 Feb 2014
On the 95th episode of the Silver Bullet Security Podcast, Gary talks with Charlie Miller, a computer security researcher with Twitter.
Show 094: An Interview with Ming Chow
01 Feb 2014
Gary and Ming discuss whether it’s better to start with security people or people that know how to code already when building new software security professionals.
Show 093: An Interview with Yoshi Kohno
25 Dec 2013
Gary and Yoshi discuss how much academic security impacts commercial security, car hacking, whether it’s possible to get the media to cover good software security, and helping consumers understand privacy implications of popular products’ security designs.
Show 092: The Early Days of Computing with Jon Callas
27 Nov 2013
Gary and Jon talk about the early days of computing, insanely early computer security, nascent crypto, PGP, Lavabit, Snowden, and what Silent Circle is doing to make secure comms actually work (rock on).
Show 091: A Breakdown of the BSIMM-V with Caroline Wong
31 Oct 2013
Gary and Caroline discuss the newly-released BSIMM-V, the concept of “SSI (Software Security Initiative) in a box,” the most successful metrics that Caroline has used throughout her career at eBay and other high-profile firms, and how to increase the number of women in computer science.
Show 090: Cryptography compared with Matthew Green
01 Oct 2013
Gary and Matt discuss the difference between theoretical cryptography and applied cryptography, the “On the NSA” blog post takedown scare, and the allegedly ‘backdoored’ Dual_EC_DRBG RSA/EMC random number generator.
Show 089: Academic vs. Corporate research with Michael Reiter
01 Sep 2013
On the 89th episode of the Silver Bullet Security Podcast, Gary chats with Mike Reiter, Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science at the University of North Carolina at Chapel Hill. Gary and Mike discuss the differences and similarities between academic research and corporate research, the challenges of teaching computer security, and how to attract more women to the field of software security.
Show 088: Teaching Security Globally with Christian Collberg
01 Aug 2013
Gary and Christian discuss what drew Christian to teaching Computer Security in the United States after living in several other countries, Christian’s book Surreptitious Software, Christian’s opinions on products that purport to offer software protection on mobile devices, and whether software security students should be taught to think like an attacker.
Show 087: Progression of Software Security with James Walden
01 Jul 2013
Gary and James discuss the progress being made in the field of software security, why there are plenty of top N lists for bugs but none for flaws, the difficulties of teaching how to fix code, the current generation’s outlook on privacy, and security metrics and measurement.
Show 086: Technical Culture across the Pacific with Wenyuan Xu
01 Jun 2013
Gary and Wenyuan discuss the differences between American and Chinese technical culture, Wenyuan’s work on automatic meter reading systems, whether electrical engineering is more advanced in terms of design than computer science, and why there are so few women in engineering and computer science.
Show 085: A Discussion with Jim Routh and Scott Matsumoto
01 May 2013
On this episode, Gary and guests discuss the challenges of mobile security and how these challenges are exactly the same as and utterly different than software security concerns from across the years.
Show 084: Learning Science in the Country with Hord Tipton
01 Apr 2013
Gary and Hord discuss how one gets into science and engineering when growing up in rural Tennessee, what insight being a nuclear and chemical engineer gives Hord about modern control systems, whether or not certification can help advance software security, and the benefits of teaching software security to kids.
Show 083: An Interview with Mark Graff
01 Mar 2013
Gary and Mark discuss what exactly a CISO does all day, how corporate security posture at NASDAQ compares to the security posture at Lawrence Livermore National Laboratory, Enrico Fermi and the piano tuners (the “Fermi problem”) and how it relates to estimation, and the most surprising cultural difference between the left and right coasts.
Show 082: An Interview with Kevin Fu
19 Jan 2013
Gary and Kevin discuss finding advisors and picking a grad school, the security implications of embedded medical devices, malware in hospital systems, the consumer trend toward analyzing one’s own health data, and the difficulty of teaching design analysis to other humans.
Show 081: An Interview with Steve Bellovin
27 Dec 2012
Gary and Steve discuss how often academic research finds its way into the real world versus research that’s done in a commercial lab, how code has gotten better overall but how the threat model has changed, whether mobile security is just a repackaging of the same security problem we’ve been dealing with for years, the state of computer security in the government, the very first days of Usenet and the famed Evil Bit.
Show 080: An Interview with Thomas Rid
01 Dec 2012
On the 80th episode of the Silver Bullet Security Podcast, Gary talks with Thomas Rid, Reader in War Studies at King’s College London and a non-resident fellow at the Center for Transatlantic Relations in the School for Advanced International Studies, Johns Hopkins University, in Washington, DC.
Show 079: Software Security Initiative at Sony with Per-Olof Persson
25 Oct 2012
On the 79th episode of the Silver Bullet Security Podcast, Gary talks with Per-Olof Persson (a.k.a. Peo), head of Global Software Security Operations at Sony Mobile and Board member of Sony Corporation.
Show 078: An Interview with Jacob West
01 Oct 2012
On the 78th episode of the Silver Bullet Security Podcast, Gary talks with Jacob West, Director, Software Security Research for the Enterprise Security Products division of Hewlett-Packard and newly minted CTO.
Show 077: An Interview with Gary Warzala
29 Aug 2012
On the 77th episode of the Silver Bullet Security Podcast, Gary talks with Gary Warzala, CISO of Visa International.
Show 076: An Interview with David Evans
28 Jul 2012
Gary and Dave discuss the founding of the Interdisciplinary Major in Computer Science (BA) at UVa and why a broad approach to Computer Science and Computer Security is a good idea, why data privacy gets short shrift in the United States, why people think (for no apparent reason) that their mobile devices are secure, groceries, David’s research on Secure Computation, and the Udacity project.
Show 075: An Interview with Howard Schmidt
01 Jul 2012
In this episode, Gary and Howard discuss the differences between doing security work in the public and private sectors, the difficulties of establishing cybersecurity in the government (especially when it comes to software security), the government’s involvement in cyberespionage, and how the actions of Anonymous and Wikileaks square with the notion of free speech.
Show 074: An Interview with Bruce Schneier
31 May 2012
They revisit Bruce’s prediction in episode 9 that insight into economics and security would help vendors sell their products more efficiently.
Show 073: An Interview with Robert Vamosi
01 May 2012
Gary and Robert discuss whether we’re doomed to idiocy as a species thanks to gadget dependency, and why designers ignore security and privacy issues in gadget design.
Show 072: Cyber Law Discussion with Randy Sabett
31 Mar 2012
Gary and Randy discuss Microsoft’s Zeus Botnet raid, alleged AT&T/NSA wiretapping, whether cyberlaw is full of loopholes, and if security always trades off against privacy and anonymity.
Show 071: An Interview with Bill Arbaugh
01 Mar 2012
Gary and Bill discuss how malware has evolved and changed over the last decade and how it’s affected software security practices, BIOS-based attacks, academia vs. startup, and why the NSA doesn’t play defense when it comes to cybersecurity.
Show 070: An Interview with Ross Anderson
01 Feb 2012
Gary chats a second time with Ross Anderson, Professor of Security Engineering at the Computer Laboratory at Cambridge University and author of the book Security Engineering.
Show 069: An Interview with Steve Myers
30 Dec 2011
On the 69th episode of The Silver Bullet Security Podcast, Gary talks with Steve Myers, Assistant Professor of Informatics and Computing in the School of Informatics at Indiana University and a member of the Center for Applied Cybersecurity.
Show 068: An Interview with John Steven
01 Dec 2011
Gary and John discuss how software architecture is being pulled by financial services instead of being pushed by technology firms, why architecture risk analysis is so important (and so hard to automate), the bias that developers and security practitioners show towards security features rather than software security Touchpoints, and enterprise use of static analysis tools.
Show 067: An Interview with Bill Pugh
29 Oct 2011
On the 67th episode of The Silver Bullet Security Podcast, Gary talks with Bill Pugh, professor at the University of Maryland College Park.
Show 066: An Interview with Shari Lawrence Pfleeger
30 Sep 2011
On the 66th episode of The Silver Bullet Security Podcast, Gary chats with Shari Lawrence Pfleeger, Director of Research for the Institute for Information Infrastructure Protection at Dartmouth College.
Show 065: An Interview with Giovanni Vigna
30 Aug 2011
On the 65th episode of The Silver Bullet Security Podcast, Gary is joined by Giovanni Vigna, professor of Computer Science at UC Santa Barbara.
Show 064: An Interview with Markus Schumacher
30 Jul 2011
On the 64th episode of The Silver Bullet Security Podcast, Gary chats with Markus Schumacher, co-founder and CEO of Virtual Forge.
Show 063: An Interview with Craig Miller
29 Jun 2011
On the 63rd episode of The Silver Bullet Security Podcast, Gary talks with Craig Miller, principal at the MAPA Group. Gary and Craig discuss entrepreneurship, the pluses and minuses of working for start-ups and very large corporations, smart grid security, and working with NRECA.
Show 062: An Interview with Halvar Flake
01 Jun 2011
On the 62nd episode of The Silver Bullet Security Podcast, Gary chats with Halvar Flake (a.k.a. Thomas Dullien), founder of reverse engineering consultancy, Zynamics, which was recently purchased by Google. Gary and Halvar discuss the acquisition, Zynamics’ product BinDiff, whether the “bad guys” are using code understanding tools (including decompilers) better than developers, static versus dynamic analysis, international politics meets computer security, and the growing complexity of malware.
Show 061: An Interview with Carl Landwehr
29 Apr 2011
On the 61st episode of The Silver Bullet Security Podcast, Gary talks with Carl Landwehr, Director of Trustworthy Computing at the National Science Foundation and a Senior Research Scientist at the Institute for Systems Research within the University of Maryland.
Show 060: An Interview with Neil Daswani
31 Mar 2011
On the 5th anniversary, 60th episode of The Silver Bullet Security Podcast, Gary talks with Neil Daswani, CTO and co-founder of Dasient.
Show 059: An Interview with Ralph Langner
26 Feb 2011
On the bonus-length 59th episode of The Silver Bullet Security Podcast, Gary chats with Ralph Langner, Founder and CEO of Langner Communications.
Show 058: An Interview with John Savage
25 Jan 2011
On the 58th episode of The Silver Bullet Security Podcast, Gary talks with John Savage, professor of Computer Science at Brown University and Jefferson Science Fellow for the State Department.
Show 057: An Interview with Elinor Mills
24 Dec 2010
On the 57th Silver Bullet Security Podcast, Gary talks with Elinor Mills, senior writer at CNET’s news.com.
Show 056: An Interview with Sammy Migues
01 Dec 2010
Gary and Sammy discuss how Sammy’s southern upbringing affects his approach to security, his experience speaking to the National Rural Electric Cooperative Association, the advantages of defensive programming versus “the bug parade” and the BSIMM.
Show 055: An Interview with Deborah Frincke
30 Oct 2010
On the 55th Silver Bullet Security Podcast, Gary chats with Deborah Frincke, Chief Scientist, Cybersecurity at Pacific Northwest National Laboratory.
Show 054: The Decades Science Fiction with Marc Donner
28 Sep 2010
On the 54th Silver Bullet Security Podcast, Gary talks with Dr. Marc Donner, engineering director for Google Health and Google Finance.
Show 053: Network Security Best Practices with Richard Bejtlich
24 Aug 2010
On the 53rd episode of The Silver Bullet Security Podcast, Gary interviews Richard Bejtlich, Director of Incident Response for General Electric and Principal Technologist for GE’s Global Infrastructure Services division.
Show 052: A Breakdown of Security Analysis with Paul Kocher
22 Jul 2010
On the 52nd episode of The Silver Bullet Security Podcast, Gary chats with Paul Kocher, President and Chief Scientist of Cryptography Research.
Show 051: Startup versus Government Research with Anup Ghosh
26 Jun 2010
On the 51st episode of The Silver Bullet Security Podcast, Gary talks with former co-worker Dr. Anup Ghosh.
Show 050: Lacking Defense in Cyber War with Richard Clarke
02 Jun 2010
On the landmark 50th episode of Silver Bullet, Gary talks with Richard A. Clarke. Richard Clarke is an internationally-recognized expert on security, including homeland security, national security, cyber security, and counterterrorism.
Show 049: Imitating the Attacker’s Perspective with Ivan Arce
01 May 2010
On the 49th episode of The Silver Bullet Security Podcast, Gary talks with Ivan Arce, co-founder and CTO of Core Security Technologies.
Show 048: Changes in Security Compliance with Andrew Jaquith
26 Mar 2010
On the 48th episode of The Silver Bullet Security Podcast, Gary interviews Andrew Jaquith, senior analyst at Forrester.
Show 047: Security’s need for Languages with Greg Morrisett
01 Mar 2010
On the 47th episode of The Silver Bullet Security Podcast, Gary calls in from Leuven, Belgium to chat with childhood friend and security expert Greg Morrisett.
Show 046: A Look Inside Infowar with David Rice
28 Jan 2010
Gary and David discuss David’s involvement with Infowar at the Naval Postgraduate School and how it impacted his thinking about software, the recent Chinese cyberattack on Google, what incentives exist to create and apply software security best practices, how users may be mistaking marketing for security, and the SANS WhatWorks in Application Security Summit.
Show 045: The Common Disregard for Privacy with Lorrie Cranor
19 Dec 2009
On the 45th episode of The Silver Bullet Security Podcast, Gary chats with Lorrie Cranor, Associate Professor of Computer Science and Engineering and Public Policy at Carnegie Mellon University.
Show 044: The History of Network Security with Steve Kent
26 Nov 2009
On the 44th episode of The Silver Bullet Security Podcast, Gary talks with Steve Kent, Chief Scientist – Information Security, for BBN Technologies, a division of Raytheon.
Show 043: The Hype behind Cloud Security with Chris Hoff
22 Oct 2009
On the 43rd episode of The Silver Bullet Security Podcast, Gary chats with Christofer Hoff, Director of Cloud and Virtualization Solutions at Cisco.
Show 042: Informatics and Health Security with Gillian Hayes
26 Sep 2009
On the 42nd episode of The Silver Bullet Security Podcast, Gary chats with Gillian Hayes, Assistant Professor in Informatics at the Bren School of Information and Computer Sciences at UC Irvine.
Show 041: Security vs. Reliability with Fred Schneider
22 Aug 2009
On the 41st episode of The Silver Bullet Security Podcast, Gary talks with Fred Schneider, Samuel B. Eckert Professor of Computer Science at Cornell University and author of Trust in Cyberspace.
Show 040: Comparing Security Models with Bob Blakley
18 Jul 2009
For the 40th episode of The Silver Bullet Security Podcast, Gary interviews Bob Blakley, VP and research director of The Burton Group’s Identity and Privacy Strategies.
Show 039: “Cyber Coordinator” defined with Matt Blaze
18 Jun 2009
For the 39th episode of The Silver Bullet Security Podcast, Gary chats with Matt Blaze, Associate Professor of Computer and Information Science at the University of Pennsylvania.
Show 038: The Importance of In-Situ Usability with Kay Connelly
19 May 2009
For the 38th episode of The Silver Bullet Security Podcast, Gary talks privacy with Kay Connelly, Associate Professor of Computer Science at Indiana University and Senior Associate Director of IU's Center for Applied Cybersecurity Research.
Show 037: Changes and Immortality of Security with Virgil Gligor
22 Apr 2009
On the 37th episode of The Silver Bullet Security Podcast, Gary interviews Virgil Gligor, Professor at Carnegie Mellon University in the Department of Electrical and Computer Engineering and co-director of CyLab.
Show 036: The Birth of the BSIMM with Gary McGraw
19 Mar 2009
Gary and James discuss the recently released Building Security In Maturity Model, how companies with Software Security Groups retain their best and brightest, Microsoft’s trustworthy computing initiative/SDL program, and what less expensive tools small organizations with only a few developers can use.
Show 035: Computer Security within Daemon with Daniel Suarez
24 Feb 2009
On the 35th episode of The Silver Bullet Security Podcast, Gary talks with Daniel Suarez, independent consultant and author of Daemon, a new techno-thriller about a gamer that reaches from beyond the grave to declare a war on all of humanity.
Show 034: An Interview with Bill Brenner
15 Jan 2009
On the 34th episode of The Silver Bullet Security Podcast, Gary interviews Bill Brenner, senior editor at CSO Online and CSO Magazine.
Show 033: An Interview with Laurie Williams
23 Dec 2008
On the 33rd episode of The Silver Bullet Security Podcast, Gary talks with Laurie Williams, Associate Professor of Computer Science at North Carolina State University.
Show 032: An Interview with Jeremiah Grossman
14 Nov 2008
The 32nd episode of The Silver Bullet Security Podcast features founder and Chief Technology Officer of WhiteHat Security, Jeremiah Grossman.
Show 031: An Interview with Matt Bishop
21 Oct 2008
On the 31st episode of The Silver Bullet Security Podcast, Gary talks with Matt Bishop, professor of Computer Science at UC Davis and author of the book Computer Security: Art and Science as well as many peer-reviewed papers.
Show 030: An Interview with Ken van Wyk
27 Sep 2008
On the 30th episode of The Silver Bullet Security Podcast, Gary talks with Ken van Wyk, principal and founder of KRvW Associates.
Show 029: An Interview with Dennis Fisher
19 Aug 2008
On the 29th episode of The Silver Bullet Security Podcast, Gary talks with Dennis Fisher, executive editor of The Security Media Group at TechTarget.
Show 028: An Interview with Bill Cheswick
16 Jul 2008
On the 28th episode of The Silver Bullet Security Podcast, Gary interviews Bill Cheswick, a lead member of technical staff at AT&T Research and all-around security guru.
Show 027: An Interview with Gunnar Peterson
19 Jun 2008
On the 27th episode of The Silver Bullet Security Podcast, Gary interviews software security expert Gunnar Peterson, a Managing Principal at Arctec Group.
Show 026: An Interview with Adam Shostack
16 May 2008
The 26th episode of The Silver Bullet Security Podcast features Adam Shostack, a security expert on Microsoft’s Secure Development Lifecycle team who has also worked for Zero Knowledge and Reflective.
Show 025: An Interview with Jon Swartz
19 Apr 2008
Jon Swartz, USA Today’s award-winning technology reporter and Pulitzer Prize nominee, is Gary’s guest on the 25th episode of The Silver Bullet Security Podcast.
Show 024: Background Behind a CSO with Mary Ann Davidson
15 Mar 2008
Oracle Chief Security Officer Mary Ann Davidson is the guest on the 24th episode of The Silver Bullet Security Podcast.
Show 023: The Growth of Software Security with Chris Wysopal
20 Feb 2008
On the 23rd episode of The Silver Bullet Security Podcast, Gary talks with Chris Wysopal, founder and CTO of Veracode and author of The Art of Software Security Testing.
Show 022: Software Security Behind AT&T with Ed Amoroso
24 Jan 2008
On the 22nd episode of The Silver Bullet Security Podcast, Gary interviews Ed Amoroso, Chief Information Security Officer of AT&T.
Show 021: A Panel Discussion with Synopsys Principals
22 Dec 2007
For the 21st episode of The Silver Bullet Security Podcast, Gary hosts a panel discussion with Synopsys (formerly Cigital) principals.
Show 020: An Interview with Markus Jakobsson
17 Nov 2007
For the landmark 20th episode of The Silver Bullet Security Podcast, Gary interviews Markus Jakobsson, soon to be a researcher at PARC after a stint as an Associate Professor of Informatics and associate director of the Center for Applied Cybersecurity Research at Indiana University.
Show 019: The Legitimacy of Mobile Viruses with Mikko Hyppönen
19 Oct 2007
For the 19th episode of The Silver Bullet Security Podcast, Gary interviews Mikko Hyppönen, Chief Research Officer at F-Secure.
Show 018: The ROI of Computer Security with Eric Cole
26 Sep 2007
On the 17th episode of The Silver Bullet Security Podcast, Gary talks with Eric Cole, CEO of Secure Anchor.
Show 017: The ROI of Computer Security with Eric Cole
25 Aug 2007
On the 17th episode of The Silver Bullet Security Podcast, Gary talks with Eric Cole, CEO of Secure Anchor. Eric has written seven books on computer security, including books on steganography and network security.
Show 016: Understanding Exploits with Greg Hoglund
13 Jul 2007
On the 16th episode of The Silver Bullet Security Podcast, Gary talks with Greg Hoglund, who runs the popular rootkit.com, CEO of HB Gary, and co-author of Rootkits: Subverting the Windows Kernel and Exploiting Software.
Show 015: Data Privacy Defined with Annie Antón
20 Jun 2007
On the 15th episode of The Silver Bullet Security Podcast, Gary interviews Annie Antón, Associate Professor of Software Engineering at North Carolina State University and director of theprivacyplace.org.
Show 014: Computer Security since the 1960’s with Peter Neumann
23 May 2007
The 14th episode of The Silver Bullet Security Podcast features Peter Neumann, designer of the Multics OS file system, moderator of comp.RISKS, and Principal Scientist at the SRI Computer Science Laboratory.
Show 013: Security Engineering Described with Ross Anderson
14 Apr 2007
On the 13th episode of The Silver Bullet Security Podcast, Gary chats with Ross Anderson, Professor of Security Engineering at the Computer Laboratory at Cambridge University and author of the book Security Engineering.
Show 012: From Ruralism to Computer Security with Becky Bace
14 Mar 2007
On the 12th episode of The Silver Bullet Security Podcast, Gary talks with Becky Bace, Advisor to Venture Capital firm Trident Capital.
Show 011: Teaching Computer Security with Dorothy Denning
16 Feb 2007
On the 11th episode of The Silver Bullet Security Podcast, Gary talks with Dorothy Denning, a professor in the Department of Defense Analysis at the Naval Postgraduate School. Previously, Dorothy was a distinguished professor at Georgetown University and a professor at Purdue University.
Show 010: A Discussion on Software Security & Static Analysis Tools
23 Jan 2007
The tenth episode of The Silver Bullet Security Podcast features a panel discussion with the Fortify Software Technical Advisory Board, several of whom have been featured on previous episodes.
Show 009: Physical and Computer Security Compared with Bruce Schneier
15 Dec 2006
In the ninth episode of The Silver Bullet Podcast, Gary interviews Bruce Schneier. Bruce is the founder and CTO of Counterpane and is regarded as the “uber-guru” of computer security.
Show 008: An Interview with Brian Chess
18 Nov 2006
In the eighth episode of The Silver Bullet Podcast, Gary talks with Brian Chess, co-founder and chief scientist of Fortify Software.
Show 007: Day in The Life of a CSO with John Stewart
26 Oct 2006
In the seventh episode of The Silver Bullet Podcast, Gary interviews Cisco Chief Security Officer John Stewart.
Show 006: Security’s impact on Microsoft with Michael Howard
29 Sep 2006
The sixth episode of the show features an interview with Michael Howard, the Senior Security Program Manager of Microsoft’s Security Technology Unit.
Show 005: 2006 Technology Predictions with Ed Felten
29 Aug 2006
The fifth edition of the Silver Bullet Security Podcast features Ed Felten, Professor of Computer Science and Public Affairs at Princeton University and the Director of the Center for Information Technology Policy.
Show 004: A Software Security Industry 360 with Dana Epp
01 Aug 2006
In the fourth episode of the Silver Bullet Security Podcast, Gary’s guest is Dana Epp, CEO and founder of Scorpion Software.
Show 003: The Computer Security Plateau with Marcus Ranum
15 Jul 2006
In the third episode of the Silver Bullet Security Podcast, Gary talks with Marcus Ranum, who is an acclaimed security guru widely credited with inventing the proxy firewall.
Show 002: The Necessities of a Security Practitioner with Dan Geer
13 Jun 2006
In this episode of the Silver Bullet Security Podcast, Gary chats with Dan Geer, Chief Scientist at Verdasys.
Show 001: An Interview with Avi Rubin
20 Apr 2006
In the debut episode of the Silver Bullet Security Podcast, Gary talks with Avi Rubin, professor of computer science and technical director of the information security institute at Johns Hopkins University.